ShadowTrackr

Automatically trust Microsoft O365 certificates

23 April 2023
Some clients reported that Microsoft required them to have certain DNS records available for their Office 365 cloud account. Two (fictitious) examples are lyncdiscover.shadowtrackr.com and sip.shadowtrackr.com. You are not required to actually have a website running on those hostnames. Microsoft will forward them to their proper cloud servers, serve a standard Microsoft O365 TLS certificate, and that's it.

Or is it?

Some services will start complaining about not trusting the TLS certificate since you now have a domain mismatch. Microsoft itself explains here that you should just trust these certificates and get on with it.

That works, but ShadowTrackr will list your TLS certificate as a problem since the domain mismatch is still there. If you do not want that, you now have the option to force ShadowTrackr to always trust Microsoft TLS certificates. It's available under Settings -> General.

If you enable this, it will only work for valid Microsoft TLS certificates on IP addresses that are in the Microsoft cloud range. If any of these conditions is not true, you will still see an error appearing in your reports (as you should).
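
The conditions above can be expressed as a single check that reports which one failed. This is an added sketch, not ShadowTrackr's own code: the `Observation` fields, the function names, the suffix list and the documentation-range prefixes standing in for the Microsoft cloud ranges are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed stand-ins: documentation prefixes replace the real Microsoft
# cloud ranges, and the suffix list is an assumption for this sketch.
MICROSOFT_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:52::/48")]
MICROSOFT_SUFFIXES = (".lync.com", ".office365.com")

@dataclass
class Observation:
    hostname: str          # name that was scanned
    ip: str                # address that served the certificate
    san_names: list        # DNS names from the certificate's subjectAltName
    chain_trusted: bool    # scanner verified the chain to a trusted root
    not_before: datetime
    not_after: datetime

def _is_microsoft_name(name):
    name = name.lower().rstrip(".")
    base = name[2:] if name.startswith("*.") else name
    # Prefix a dot so "evillync.com" cannot pass as ".lync.com".
    return ("." + base).endswith(MICROSOFT_SUFFIXES)

def mismatch_exception(obs, now=None):
    """Return (suppress, failed_conditions) for a domain-mismatch finding."""
    now = now or datetime.now(timezone.utc)
    failed = []
    if not obs.chain_trusted:
        failed.append("chain not trusted")
    if not obs.not_before <= now <= obs.not_after:
        failed.append("outside validity period")
    if not obs.san_names or not all(_is_microsoft_name(n) for n in obs.san_names):
        failed.append("not a Microsoft certificate")
    try:
        addr = ipaddress.ip_address(obs.ip)
        in_range = any(addr in net for net in MICROSOFT_RANGES)
    except ValueError:  # unparsable address never qualifies
        in_range = False
    if not in_range:
        failed.append("IP outside Microsoft range")
    return (not failed, failed)

def sample(ip="203.0.113.10", sans=("*.online.lync.com",), trusted=True):
    """Constructed observation for sip.shadowtrackr.com, the post's example name."""
    return Observation("sip.shadowtrackr.com", ip, list(sans), trusted,
                       datetime(2023, 1, 1, tzinfo=timezone.utc),
                       datetime(2024, 1, 1, tzinfo=timezone.utc))

NOW = datetime(2023, 4, 23, tzinfo=timezone.utc)  # fixed clock for repeatable results
```

Requiring every SAN to be a Microsoft name on a publicly trusted chain means a certificate that merely includes one Microsoft-looking name, or one served from an address outside the ranges, still produces the mismatch finding.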